[INS-377] Add V2 for weights and biases detector #4951

Open
mustansir14 wants to merge 8 commits into main from INS-377-Accommodate-token-change-in-Weights-and-Biases-detector

Contributor

@mustansir14 mustansir14 commented May 7, 2026

Summary

Weights & Biases recently introduced a new API key format prefixed with wandb_v1_, distinct from the legacy 40-character hex format. This PR adds a v2 detector to cover the new format while keeping the v1 detector active for existing keys.

What changed

  • pkg/detectors/weightsandbiases/base.go — defines BaseScanner, a base struct embedded by both versioned scanners; provides FromData, verifyMatch, Type, and Description; the HTTP client is held on the struct so no need to pass it through call chains; version is passed as a parameter to FromData and included in ExtraData of every result alongside the account fields returned by the API
  • pkg/detectors/weightsandbiases/v1/ — existing detector moved here from the package root; implements Versioner returning 1; delegates to BaseScanner for all shared logic
  • pkg/detectors/weightsandbiases/v2/ — new detector targeting the wandb_v1_<27 chars>_<49 chars> format; implements Versioner returning 2; delegates to BaseScanner for all shared logic
  • pkg/engine/defaults/defaults.go — updated import paths; both v1 and v2 scanners registered

Regex

| Version | Pattern |
|---|---|
| v1 | [0-9a-f]{40} (with wandb prefix) |
| v2 | wandb_v1_[A-Za-z0-9]{27}_[A-Za-z0-9]{49} |

The v2 pattern is self-anchored on the wandb_v1_ literal prefix, so no PrefixRegex wrapper is needed. Segment lengths are exact based on observed key samples.

Verification

Both versions verify against the W&B GraphQL API (POST https://api.wandb.ai/graphql) using the viewer query with Basic auth (api:<token>). A 200 response with a non-empty username field is considered verified; 401 is definitively invalid; anything else is a verification error.

Corpora Testing

The detector does not appear in the lists.

Checklist:

  • Tests passing (make test-community)?
  • Lint passing (make lint this requires golangci-lint)?

Note

Medium Risk
Adds a new detector and refactors existing W&B detection/verification into shared code, which could change match/verification behavior and increase findings volume; limited blast radius to this provider’s detector registration.

Overview
Adds support for the new Weights & Biases API key format (wandb_v1_...) by introducing a v2 detector alongside the legacy v1 detector.

Refactors the existing W&B detector into a shared BaseScanner (weightsandbiases/base.go) and moves the legacy regex/scan logic into weightsandbiases/v1, with both versions now emitting a version field in Result.ExtraData.

Updates engine defaults to register both weightsandbiases/v1 and weightsandbiases/v2, and extends/introduces unit + integration tests to cover the new pattern and the versioned result metadata.

Reviewed by Cursor Bugbot for commit 07506e3. Bugbot is set up for automated code reviews on this repo. Configure here.

@mustansir14 mustansir14 requested a review from a team May 7, 2026 05:13
@mustansir14 mustansir14 requested a review from a team as a code owner May 7, 2026 05:13
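
The matching and verification rules from the PR description, as an added Go example (not code from this PR or from the project). The names findV2, classify, sampleKey and viewerResp are hypothetical, the JSON layout is assumed from the field names in the review snippet, and reporting a 200 without a username as an error is an assumption.

```go
package main

import (
	"encoding/json"
	"fmt"
	"net/http"
	"regexp"
	"strings"
)

// v2 pattern exactly as given in the PR description.
var v2Pat = regexp.MustCompile(`wandb_v1_[A-Za-z0-9]{27}_[A-Za-z0-9]{49}`)

// viewerResp: JSON layout assumed from the field names in the review snippet.
type viewerResp struct {
	Data struct {
		Viewer struct{ Username string `json:"username"` } `json:"viewer"`
	} `json:"data"`
}

// sampleKey builds a constructed, non-functional key of the v2 shape.
func sampleKey() string { return "wandb_v1_" + strings.Repeat("a", 27) + "_" + strings.Repeat("B", 49) }

// findV2 returns every v2-format candidate in data.
func findV2(data string) []string { return v2Pat.FindAllString(data, -1) }

// classify applies the description's rule: 200 with a non-empty username is verified,
// 401 is invalid, anything else is an error (assumed to include a 200 without username).
func classify(status int, body []byte) (bool, error) {
	switch status {
	case http.StatusOK:
		var r viewerResp
		if err := json.Unmarshal(body, &r); err != nil {
			return false, fmt.Errorf("decode viewer response: %w", err)
		}
		if r.Data.Viewer.Username == "" {
			return false, fmt.Errorf("200 response without username")
		}
		return true, nil
	case http.StatusUnauthorized:
		return false, nil
	default:
		return false, fmt.Errorf("unexpected status %d", status)
	}
}

func main() {
	fmt.Println(findV2("WANDB_API_KEY=" + sampleKey())) // constructed input
	fmt.Println(classify(http.StatusUnauthorized, nil))
}
```

Because the segment lengths are exact, a key truncated by even one character produces no v2 match, and a legacy 40-character hex key is left to the v1 detector.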
Contributor

@shahzadhaider1 shahzadhaider1 left a comment

I like how you’ve unified the common code into a single implementation--it looks clean. That said, it’s a bit inconsistent with how we handle newer versions in other detectors across the codebase. Just something I noticed.

"username": viewerResp.Data.Viewer.Username,
"email": viewerResp.Data.Viewer.Email,
"admin": strconv.FormatBool(viewerResp.Data.Viewer.Admin),
}
Contributor

@shahzadhaider1 shahzadhaider1 May 7, 2026

I don't see the detector version being set in extraData anywhere in this PR -- can we add it?

Contributor

Agreed. We should add version info in ExtraData to follow convention.

Contributor Author

Added

@amanfcp amanfcp added the review/product-eng Team integrations reviewed, awaiting product-eng review label May 8, 2026
Contributor Author

mustansir14 commented May 11, 2026

> I like how you’ve unified the common code into a single implementation--it looks clean. That said, it’s a bit inconsistent with how we handle newer versions in other detectors across the codebase. Just something I noticed.

Yeah, this is done because the implementations for both versions are exactly the same. The only difference is the regex pattern, so it didn't make sense for me to duplicate all of the code.

Other versioned detectors usually have some differences, mostly in the verification logic.

@cursor cursor Bot left a comment

Cursor Bugbot has reviewed your changes and found 1 potential issue.

Reviewed by Cursor Bugbot for commit d3f03f0. Configure here.

Comment thread pkg/detectors/weightsandbiases/v2/weightsandbiases_integration_test.go Outdated